The Common Criteria (CC) Paradigm

Stuart Katzke, Ph.D.
Senior Research Scientist
National Institute of Standards & Technology
100 Bureau Drive; Stop 8930
Gaithersburg, MD 20899
(301) 975-4768
[email protected]
fax: (301) 975-4964
An Evolutionary Process

Two decades of research and development:

- US-DOD TCSEC, 1983-85
- US-NIST MSFR, 1990
- Federal Criteria, 1992
- Europe ITSEC, 1991
- Canada TCPEC, 1993
- European National/Regional Initiatives, 1989-93
- Canadian Initiatives, 1989-93
- Common Criteria, 1993-98
- ISO 15408 Common Criteria, 1999
The Common Criteria (International Standard ISO/IEC 15408)

What the standard is:

- A common structure and language for expressing product/system IT security requirements (Part 1)
- A catalog of standardized IT security requirement components and packages (Parts 2 and 3)

How the standard is used (the CC Paradigm):

- Develop protection profiles and security targets: specific IT security requirements and specifications for products and systems
- Evaluate products and systems against known and understood IT security requirements
IT Security Requirements

The Common Criteria defines two types of IT security requirements:

- Functional Requirements: for defining the security behavior of the IT product or system; implemented requirements become security functions.
  Examples: Identification & Authentication, Audit, User Data Protection, Cryptographic Support
- Assurance Requirements: for establishing confidence in the security functions, i.e. correctness of implementation and effectiveness in satisfying security objectives.
  Examples: Development, Configuration Management, Life Cycle Support, Testing, Vulnerability Analysis
Evaluation Assurance Levels

The Common Criteria defines seven hierarchical assurance levels (EAL and designation):

- EAL1: Functionally Tested
- EAL2: Structurally Tested
- EAL3: Methodically Tested & Checked
- EAL4: Methodically Designed, Tested & Reviewed
- EAL5: Semiformally Designed & Tested
- EAL6: Semiformally Verified Design & Tested
- EAL7: Formally Verified Design & Tested
Protection Profiles (generic) & Security Targets (specific)